InvalidAuthenticityToken in Rails 5 behind Nginx using SSL
Fix by adding more headers in Nginx (X-Forwarded-Ssl on
, X-Forwarded-Port 443
and X-Forwarded-Host "your hostname"
, X-Forwarded-Proto https
). The problem was actually in the new way CSRF tokens are checked by ActionController (compares the request.base_url with the origin header)